(57) The identification system for admission into protected area according to the invention solves the problem of secure access to computer networks, whereby the said system acts as an additional key for admission, to applications or user programs, and to web sites on internet or intranet, and serves as an additional lock beside conventional security devices for restricted premises.

The essential feature of the identification system according to the invention is that the user (1) supplies, besides his/her regular username and password, an additional, randomly generated password (8), which is sent to his/her mobile phone (9) number by the identification system in the form of an SMS message (8) after the identification system receives the regular username and password from the user. Additional security is ensured by time-limited usability of the said SMS key and by limited repetition of access attempts.
Description

FIELD OF THE INVENTION 

[0001] The invention relates in general to electronic security systems with personal identity verification. In particular, the invention relates to personal identification systems including additional computer generated protection means.

TECHNICAL PROBLEM 

[0002] The technical problem solved by the present invention is to design an identification system allowing access to protected content, which may be either electronic or physical, only to authorized persons, who shall identify themselves by their mobile phone and by additional criteria based on mobile telephone system and on a computer algorithm.

BACKGROUND TO THE DISCLOSURE 

[0003] Various authentication systems are known, providing controlled access to protected contents or premises. With the secure sockets layer protocol (SSL), the steps for opening access to a secure system are as follows: Upon the request of a user, the server sends its public key along with its certificate. The user checks the validity of the certificate and, if the certificate is valid, transmits to the server a random symmetric encryption key, encrypted with the public key, and other necessary data. The server decrypts the symmetric encryption key using its private key and uses the symmetric key also to decrypt other data. Depending on the agreement of said data elements, access to the secure system is enabled or denied to the user.

[0004] Smart cards are also widely used for access control. With an identity card or an access control card, the user operates a small electronic device, which includes a keypad and a display. To gain access to a system, the user types in, besides his/her username and password, a special password, which is generated by the device after the user enters his/her PIN code.

[0005] Some user identification systems require supplementary devices, e.g. fingerprint reader, temporary password generator or the like for additional personal identification.

DESCRIPTION OF THE INVENTION 

[0006] The essential feature of the identification system for admission into protected area according to the invention is in supplying to the system, besides the user's regular username and password, an additional, randomly generated password, which is sent by the identification system to the user's mobile phone number in the form of an SMS message after the identification system receives the regular username and password from the user. Additional security is ensured by time-limited applicability of the said SMS key and also by limited repetition of access attempts.

[0007] The identification system according to the invention is intended:

- for access to a computer network, whereby the said system acts as an additional key for admission;
- for access to applications or user programs;
- for access to web sites on internet or intranet;
- as additional lock beside conventional security devices for restricted premises.

[0008] The identification system according to the invention is explained in detail by means of Figure 1 showing a block diagram of the system.

[0009] A user 1 initiates the identification procedure by opening through a communicator 2 a window 3 intended for the input of the username and password. A module 4 conveys the said two input keys to a database 5 of registered users. If the username and password are incorrect, a module 15 passes on a signal NO1 through a module 16 to the communicator 2 requesting a repetition of the initial access step. The module 16 allows yet another repetition of access to the communicator 2, which consequently opens the window 3 for the third and the last time. If the username and password are incorrect also at the third attempt, the module 16 blocks the access to the communicator 2.

[0010] When the username and password are correct, a module 6 passes on a signal YES1 to a GSM module 7, which sends a randomly generated SMS password 8 to a mobile phone 9 of the user 1, who types the received SMS password 8 into a window 10. At this point a time interval starts to run, which is written in the window 10 and is set accordingly to limit the applicability of the SMS password 8. If the user does not enter the SMS password 8 correctly, a module 11 passes on a signal NO2 through a module 14 to the communicator 2 as a command to open the window 3 so that the username and password can be entered again. The module 14 allows one more repetition of the access to the communicator, which opens the window 3 so that the username and password can be typed in again. When the user 1 enters the correct SMS password 8 into the window 10, a module 12 passes on a signal YES2 to a module 13, which opens the access to the protected content.

[0011] The identification system according to the invention ensures a reliable opening of access to a secure content or area, provided that the criteria for access as described above are met, i.e. that the username, the password and the random SMS password 8 are entered correctly. If all three identification criteria are not fulfilled, the access to the communicator 2 is closed. Besides, the user must apply for a new username and password with the manager of the secure content.
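The procedure of paragraphs [0009] and [0010], written out as a small state machine; this is an added example, not code from the patent. The class name `SmsLogin`, the `send_sms` callback, the six-digit code, the PBKDF2 password store and the default limits are assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

def pw_hash(password, salt):
    # Assumption: the user database (5) holds a salted slow hash, not the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class SmsLogin:
    def __init__(self, users, send_sms, otp_ttl=120.0, pw_tries=3, otp_tries=2,
                 clock=time.monotonic):
        self.users = users          # username -> (salt, pw_hash, phone)
        self.send_sms = send_sms    # hypothetical callable(phone, text) standing in for GSM module 7
        self.otp_ttl, self.pw_tries, self.otp_tries = otp_ttl, pw_tries, otp_tries
        self.clock = clock
        self.pw_fail, self.otp_fail = {}, {}
        self.pending = {}           # username -> (otp, deadline)
        self.blocked = set()

    def _fail(self, counter, user, limit, signal):
        counter[user] = counter.get(user, 0) + 1
        if counter[user] >= limit:  # modules 14/16: allowed repetitions used up
            self.blocked.add(user)
            self.pending.pop(user, None)
            return "BLOCKED"
        return signal

    def submit_password(self, user, password):
        if user in self.blocked:
            return "BLOCKED"
        # Unknown users are hashed against a dummy record so timing stays uniform.
        salt, stored, phone = self.users.get(user, (b"\0" * 16, b"", None))
        if not hmac.compare_digest(pw_hash(password, salt), stored):
            return self._fail(self.pw_fail, user, self.pw_tries, "NO1")
        self.pw_fail.pop(user, None)
        otp = f"{secrets.randbelow(10**6):06d}"   # CSPRNG, fresh for every login
        self.pending[user] = (otp, self.clock() + self.otp_ttl)
        self.send_sms(phone, otp)
        return "YES1"

    def submit_otp(self, user, code):
        if user in self.blocked:
            return "BLOCKED"
        # pop() makes the code single-use: a miss sends the user back to window 3.
        otp, deadline = self.pending.pop(user, (None, 0.0))
        fresh = otp is not None and self.clock() <= deadline
        if fresh and hmac.compare_digest(otp.encode(), code.encode()):
            self.otp_fail.pop(user, None)
            return "YES2"
        return self._fail(self.otp_fail, user, self.otp_tries, "NO2")
```

The SMS failure counter is cleared only on YES2, so a caller who knows the password cannot reset it by logging in again to request a new code.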
[0012] The security measures of the identification system according to the invention are multifaceted. The user has three permanently assigned access criteria, i.e. the username, the password and the number of his/her mobile phone, and a fourth access criterion, which is a randomly generated password, sent to his/her mobile phone as an SMS message. Furthermore, the reliability of the system is enhanced by time-limited applicability of the random password. Besides, the requirements for access can be adjusted to suit the importance of the secure content by altering the number of repetitions allowed for the input of the username and the password.

EP 1 445 917 A2

[0013] The identification system according to the invention represents an improvement of the existing security systems and can be applied with all electronic security systems, which include personal identification. The essential feature of the system is in sending an additional password, needed for access to various secure contents such as information systems, applications, computer networks, and similar, to the user via an SMS message. The identification system according to the invention can be applied for securing the access to electronic content as well as to secure premises such as private residences, banks, offices, schools and similar. The mobile phones used for the communication with users for additional security identification have a great advantage as compared to other identification devices because they are widespread and feature a high degree of mobility, so the desired secure content can be accessed from different locations.

[0014] The advantage of the identification system according to the invention is in that every time a new randomly generated password is sent by means of an SMS message to the user's mobile phone. In this way, the possibility for the third person to access the secure system by using only the username and password of the registered user is eliminated. Namely, due to various reasons, usernames and passwords are not secured with enough care. The additional password, which is randomly generated exclusively upon the request of the user, which is sent only to his/her mobile phone, and which has a time-limited validity, ensures a high degree of protection for the secure content, for which the access is requested.

[0015] In case of an attempt by a third person to access the secure system by using the username and password of a registered user, the owner of this username and password is informed with an SMS message that somebody tried to access a secure system with his/her username and password. This feature represents an additional protection of access to a secure system, as the system administrator has the possibility to intervene promptly.

[0016] Another advantage of the identification system according to the invention is in that in case of more than three unsuccessful attempts to enter into the secure system, further attempts are prevented for a certain time period and adequate notes are sent to the system administrator and to the owner of the registered username and password.

[0017] The identification system according to the invention enables additional limitations of access to secure content for a certain time period, e.g. for working hours only, and allows different adjustments for individual users.



Claims 

1. An identification system for admission into protected area, which operates via the on-line network and a mobile telephone system and uses three personal identification criteria of the authorized user of the restricted area, namely the username and the password, assigned to the authorized user by the manager of the secure area, and the number of the user's mobile phone, characterized in that the user (1) initiates the identification procedure by opening through a communicator (2) a window (3) and by typing in his/her username and password, which are conveyed by module (4) to a database (5) of registered users; that in case of incorrect username and password a module (15) passes on a signal (NO1) through a module (16) to the communicator (2) requesting a repetition of the initial access step; that the module (16) allows yet another repetition of access to the communicator (2), so when the username and password are entered incorrectly for the third time, the module (16) blocks the access to the communicator (2); that in case of correct username and password a module (6) passes on a signal (YES1) to a GSM module (7), which sends a randomly generated SMS password (8) to a mobile phone (9) of the user (1), who types the received SMS password (8) into a window (10), and that at this point a time interval starts to run, which is written in the window (10) and is set accordingly to limit the applicability of the SMS password (8); that if the user does not enter the SMS password (8) correctly, a module (11) passes on a signal (NO2) through a module (14) to the communicator (2) as a command to open the window (3) so that the username and password can be typed in again; that the module (14) allows yet another repetition of the access to the communicator (2), which opens the window (3) so that the username and password can be typed in once again; that when the user (1) enters the correct SMS password (8) into the window (10), a module (12) passes on a signal (YES2) to a module (13), which opens the access to the protected content; that in case that any of three identification criteria, i.e. username, password and random SMS password (8), is not fulfilled, the access to the communicator (2) is closed and the user must apply with the manager of the secure content for a new username and password, which will be stored in the identification system together with the user's mobile phone number.

2. The identification system according to claim 1, wherein the reliability of the authorized access to secure area is enhanced by time-limited applicability of the SMS password (8).

3. The identification system according to claims 1 and 2, wherein the number of repetitions for opening the window (3), in which the user (1) types in his/her username and password, can be adjusted in module (14) and in module (16).

4. The identification system according to claims 1 and 3, characterized in that the identification system is applicable for access to a computer network, whereby the said system acts as an additional key for admission, for access to applications or user programs, for access to web sites on internet or intranet, and as additional lock beside conventional security devices for restricted premises.